PacketFence 3.2.0 released

February 23, 2012

This is a major release with big features, new hardware support, enhancements, bug fixes (including a security fix) and updated translations.

Ready for production use.

Here are the changes in 3.2.0:

Security

• Reflected Cross-site scripting (XSS) in Web Admin printing system (#1362)

New Hardware Support

• Ruckus Wireless Controllers

New Features

• OpenVAS Vulnerability Assesment integration for client-side policy compliance
• Bandwidth violations based on RADIUS accounting information
• Billing engine integration for allowing the use of a payment gateway to gain network access.

Enhancements

• Migrated our documentation from a binary-only ODT to a flexible asciidoc format
• Code and tests refactoring
• Minor documentation update for Aruba Controllers
• Performance: avoiding some redundant operations on startup
• A DHCP listener will run by default on the management interface
• pfcmd_vlan is now able to run arbitrary methods on network devices
• Debug statement with the resolved SSID now available to troubleshoot SSID problems live
• Added getSwitchLocation to pfcmd_vlan which fetches SNMP sysLocation on switch (#1250, Thanks to Maikel!)
• Introduced more aggressive exception-based configuration error handling
• Introduced new trigger types (nessus and openvas) and removed the scan type
• Added the capability to use dots in trigger id
• Added a new config flag: registration.guests_self_registration to control if self-registered guests are enabled (#1361)
• Made it easier to override preregistered guest usernames (default is email)
• Added a new config flag: vlan.trap_limit to enable/disable the trap limit feature
• RADIUS captive portal authentication can now target several RADIUS servers for fault tolerance
• Added a multi-threaded EAP test script in t/stress-test/
• Performance: node_view query optimized for 100x+ gain in environments where MySQL is taking a lot of CPU
• Performance: faster command line response time (15%+ with bin/pfcmd)
• Our FreeRADIUS module packetfence.pm now logs in radius’ log instead of syslog (related to #1377)
• Performance: ~2x FreeRADIUS performance by avoiding superfluous queries

Bug Fixes

• Buttons in graphs.php of type ifoctetshistoryswitch, ifoctetshistoryuser, ifoctetshistorymac (#1110)
• Web Admin usability fixes (#1071)
• Small typo error in node.pm log message (#1357)
• Interpolation issue in pf::web::custom’s code which is disabled by default (#1358)
• Allow more than one SNMPv3 EngineID per user (#1354)
• OS and violation classes properly displayed in printer-friendly tables in the Web Admin
• Disabled config ownership tests because of too many false positives (#1345)
• Passthrough doesn’t work with domains without an ending slash (#1368)
• Returning exit status 0 on command line tools when asked to show help
• pfcmd’s general help is now sent to standard ouput instead of standard error
• Globally disabled privilege detection in hardware requiring Telnet / SSH. All except Trapeze. (#1370)
• Thread crash with floating network devices with VoIP through SSH transport (#1369)
• MAC-Auth / 802.1X translation fixes for the Cisco Catalyst 3550
• No more obscure error message if no management interface is defined in pf.conf
• pfcmd exit status now more consistent regarding config
• No more "Can’t call method "tag" on an undefined value" on broken pf.conf configuration (#1352)
• More reliable SSID extraction in Called-Station-Id (#1379)
• Fixed FreeRADIUS crashes in heavily loaded environments (#1377)

Translations

• Updated Brazilian Portuguese (pt_BR) translation (Thanks to Diego de Souza Lopes)
• Updated Brazilian Portuguese (pt_BR) Admin guide translation (Thanks to Diego de Souza Lopes)

… and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.

Enjoy PacketFence’s finest iteration yet!